1. I do not send out spam. Do I need to comply with
Canada's anti-spam legislation (CASL)?
Yes. Contrary to popular belief, CASL does not only regulate
"spam". It regulates all commercial electronic messages
("CEM"), which virtually all businesses and
organizations send out.
2. Why do I need to comply with CASL?
There are significant consequences for non-compliance:
Fines of up to $1,000,000 for individuals and $10,000,000 for
corporations for each violation
Civil lawsuits and class actions
Liability of corporations / organizations for acts of their
Personal liability of directors and officers for violations
committed by their business / organization
3. When should I begin preparing for CASL?
If you have not already begun preparing for CASL, you should
begin now. That is because the sections of CASL that regulate CEMs
come into force on July 1, 2014.
4. In a nutshell – What are CASL's
requirements regarding CEMs?
CASL is an "opt in" regime. It prohibits anyone from
sending out CEMs to a Canadian recipient unless the recipient of
the CEM had previously consented to receiving it (with a few
exceptions). In addition, CASL requires all CEMs to include
prescribed information, including the names and contact information
of the sender(s) and the organization(s) on whose behalf the CEM is
sent, a statement that the recipient may withdraw his/her consent
at any time, and an "unsubscribe" mechanism.
5. Does CASL apply to charities and not-for-profit
Yes. The definition of a "commercial electronic
message" makes it clear that it applies to commercial
electronic messages sent without the expectation of profit. This
would include messages sent on behalf of charities and
In addition, the Regulations that accompany CASL have excluded
from its compliance requirements commercial electronic messages
sent for the "primary purpose of raising funds" for a
Canadian registered charity. That means that Canadian registered
charities must still comply with CASL for CEMs that are not sent
for the "primary purpose of raising funds".
6. What CEMs are exempt from CASL's
There are limited forms of CEMs that are exempt from CASL's
requirements. I recommend consulting with a lawyer before deciding
to rely on those exemptions. Some examples include:
CEM sent to someone with whom the sender has a
"family" or "personal" relationship
CEM sent between employees of the same business / organization
and the content of the CEM relates to the recipient's role
within the business / organization
CEM sent between businesses / organizations that have an
existing relationship and the content of the CEM relates to the
recipient's role within that business / organization
CEM sent in response to a request, inquiry or complaint
CEM sent by a registered charity for the primary purpose of
CEM sent by a political party for the primary purpose of
7. Does CASL apply to newsletters and information
Yes, in certain circumstances, CASL may apply to those types of
8. I have already obtained consents for the purposes of
complying with privacy laws. Can I rely on those consents for the
purpose of complying with CASL?
Not necessarily. CASL has specific requirements regarding the
manner in which you must obtain consent. If those requirements were
not met when you obtained consent, you would not be able to rely on
9. When a customer purchases a product from my website,
he / she can uncheck a pre-checked box that states that he / she
consents to receiving electronic messages from me. Can I send CEMs
to those costomers who did not uncheck the box?
No. Pre-checked boxes are unacceptable for the purposes of
obtaining CASL consent. You must require the customer to check an
empty box when providing his / her consent.
10. Does CASL apply to non-Canadian businesses, such as
Yes. Foreign businesses that send commercial electronic messages
to Canadian recipients must comply with CASL.
CASL is a complicated regulatory regime requiring a
multi-faceted compliance strategy. I recommend contacting a lawyer
with expertise in the area to obtain legal advice on CASL
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Employee turnover is an unavoidable reality for nearly all businesses. In addition to creating a number of financial and logistical difficulties, employee turnover also raises a number data security issues.
The Office of the Privacy Commissioner of Canada has ruled that the collection and use of a plaintiff's personal information for the purpose of defending against a civil lawsuit is not a "commercial activity" and, ...
While corporate executives are increasingly becoming aware of their obligation to be informed of cybersecurity threats and the steps being taken by their company to prevent data breaches, it is equally important for executives to ensure that the employees are educated with respect to cyber threats.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).